It is hard to imagine a modern corporate office, regardless of its size, without a computer network. Networks provide fast exchange of information between personal computers (PC) connected thereto and access to shared network resources and devices. However, it is necessary to manage and control access of PCs to the corporate network and access of external data storage devices, such as Flash drives and other mass data storage devices, to the corporate network. In a typical corporate environment, hundreds of instances of connection of such data storage devices to the corporate PCs are registered daily. And often, such data storage devices contains harmful software (i.e., malware), which can cause significant damage to the PC to which the device is connected. In addition, the malware can spread through the network and cause damage to other PCs as well. Such incidents often require company's IT staff to spend time identifying the malware and removing it from the infected PCs. Also, such infections can cause loss of commercial secrets and even financial losses.
Even if corporate PCs have antivirus applications, computers are not 100% protected against possible malware infections from directly connected data storage devices. Such situations may arise, for example, when a user of a corporate PC has not updated antivirus databases of the antivirus software for a long time, and unbeknownst to the user connected to the PC a Flash drive containing a new type of malware, which may not be detected by the antivirus application using outdated antivirus databases. This malware may spread to other PCs in the corporate network causing significant damage or loss of information. There are many other scenarios in which oversight or inexperience of PC users can cause malware infections.
Also, repair of a data storage device, such as a Flash drive, infected with a malware can cause different problems, including damage to the device itself. For example, when an antivirus application detects a malware on a data storage device and removes malware's executable components, the antivirus application may leave untouched malware's autorun.inf file, which is typically used for the automatic launch of applications and programs from a data storage device under Windows OS. As a result, the data storage device will no longer be detectable when it is connected to a PC. Also, if, for example, antivirus application detected a harmful software on the data storage device and tries to repair or remove executable components of the detected malware, and, at this time, the user extracts the data storage device from the PC, then the file system of the data storage device may be damaged and cause total loss of data on the device. This may happen because antivirus applications typically do not inform user about repair or removal of malware from Flash drives.
Accordingly there is a need for improved systems and methods for detection and repair of malware on portable data storage devices, such as Flash drives and the like.